Protecting public health, including through public health surveillance, program evaluation, terrorism preparedness, outbreak investigations, and other public health activities, often requires access to or the reporting of the protected health information of individuals. This information is used to identify, monitor, and respond to disease, death, and disability among populations.
The Privacy Rule recognizes the legitimate need for public health authorities and certain others to have access to protected health information for public health purposes and the importance of public health reporting by covered entities to identify threats to the public and individuals. Thus, the Privacy Rule permits covered entities to disclose protected health information without authorization for specified public health purposes.
Research
Researchers in medical and health-related disciplines rely on access to many sources of health information, from medical records and epidemiological databases to disease registries, hospital discharge records, and government compilations of vital and health statistics.
The Privacy Rule recognizes that the research community has legitimate needs to use, access, and disclose individually identifiable health information to carry out a wide range of health research protocols and projects. The Privacy Rule protects the privacy of such information when held by a covered entity but also provides ways in which researchers can access and use the information for research, subject to various conditions.
Emergency Preparedness
Emergency preparedness and recovery planners may seek protected health information to ensure that in an emergency, individuals can receive the assistance or care they need. In addition, during a severe disaster, those involved in disaster relief efforts may seek protected health information to provide persons displaced and in need of health care ready access to services, and the means of contacting family and caregivers.
The Privacy Rule allows access to protected health information for emergency preparedness planning and response under a number of circumstances.
Health Information Technology
Health information technology (health IT) involves the exchange of health information in an electronic environment. Widespread use of health IT will improve the quality of health care, prevent medical errors, reduce health care costs, increase administrative efficiencies, decrease paperwork, and expand access to affordable health care. It is imperative that the privacy and security of health information be ensured as this information is maintained and transmitted electronically.
The Privacy Rule’s established baseline of privacy protections and individual rights with respect to individually identifiable health information support the use of health IT and provide important protections in this area. The Security Rule supports the adoption of new health information technologies while setting standards to ensure appropriate protection of electronic protected health information.
Genetic Information
The Genetic Information Nondiscrimination Act (GINA) was signed into law on May 21, 2008. GINA prohibits discrimination in health coverage and employment based on genetic information.
GINA requires modifications to the Privacy Rule to clarify that genetic information is a type of health information and to prohibit most health plans from using or disclosing genetic information for underwriting purposes.
Information is Powerful Medicine: HIV and HIPAA
Living with HIV requires being active in your medical care – making decisions with your doctor, tracking your progress, and doing everything you can to be healthy. With HIV, you also may have concerns about keeping your status private.
Whether your health information is stored on paper or electronically, you’ve got the right to keep it private. Those rights are protected by HIPAA. HIPAA also gives you other important rights, including the right to a copy of your medical record.
For more information on how HIPAA relates to HIV patients and caregivers, and how you can raise awareness, visit AIDS.gov/privacy.
HIPAA Privacy Rule and the National Instant Criminal Background Check System (NICS)
On January 16, 2013, President Barack Obama announced a series of Executive Actions to reduce gun violence in the United States, including efforts to improve the Federal government’s background check system for the sale or transfer of firearms by licensed dealers, called the National Instant Criminal Background Check System (NICS). Among those persons disqualified from possessing or receiving firearms are individuals who are subject to a Federal “mental health prohibitor” because they have been involuntarily committed to a mental institution; found incompetent to stand trial or not guilty by reason of insanity; or otherwise have been determined, through a formal adjudication process, to have a severe mental condition that results in the individuals presenting a danger to themselves or others or being incapable of managing their own affairs.
Concerns have been raised that, in certain states, the HIPAA Privacy Rule may be a barrier to reporting the identities of individuals subject to the mental health prohibitor to the NICS.
To address these concerns, HHS has issued a Notice of Proposed Rulemaking (NPRM) indicating its intent to modify the HIPAA Privacy Rule to permit certain HIPAA covered entities to disclose to the NICS the identities of persons prohibited by Federal law from possessing or receiving a firearm for reasons related to mental health, and soliciting public input on various issues. The proposed change would not permit the disclosure of individuals’ mental health records or any other clinical or diagnostic information.
HHS Strengthens Patients’ Right to Access Lab Test Reports
The Department of Health and Human Services (HHS) has taken action to give patients or a person designated by the patient a means of direct access to the patient’s completed laboratory test reports. The final rule amends the Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations to allow laboratories to give a patient, or a person designated by the patient, his or her “personal representative,” access to the patient’s completed test reports on the patient’s or patient’s personal representative’s request. At the same time, the final rule eliminates the exception under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to an individual’s right to access his or her protected health information when it is held by a CLIA-certified or CLIA-exempt laboratory. While patients can continue to get access to their laboratory test reports from their doctors, these changes give patients a new option to obtain their test reports directly from the laboratory while maintaining strong protections for patients’ privacy.
Source: U.S. Department of Health & Human Services, “Special Topics in Health Information Privacy” http://www.hhs.gov website. Accessed November 30, 2015. http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/index.html
© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.